Bug 1450315 - Remove document.allowUnsafeHTML. r=bz
authorJohann Hofmann <jhofmann@mozilla.com>
Sat, 31 Mar 2018 10:27:19 +0200
changeset 411452 76f66b8cea9315e4dbd2535be368c27ab206b919
parent 411451 d3bbcd354714a1ae3f1c65851c8541daff46233d
child 411453 801d1d90b2ffcca423d9cee10509169318890b8c
push id33760
push useraciure@mozilla.com
push dateTue, 03 Apr 2018 21:52:50 +0000
reviewersbz
bugs1450315, 1432966, 1434155
milestone61.0a1
Bug 1450315 - Remove document.allowUnsafeHTML. r=bz This attribute was added in bug 1432966 when we started sanitizing chrome usage of innerHTML to allow devtools to use custom attributes in React via dangerouslySetInnerHTML. Devtools removed its usage of dangerouslySetInnerHTML in bug 1434155, so document.allowUnsafeHTML is no longer used and can be removed. MozReview-Commit-ID: 8xTVZDmPqRa
dom/base/nsContentUtils.cpp
dom/base/nsDocument.cpp
dom/base/nsIDocument.h
dom/webidl/Document.webidl
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -5086,17 +5086,18 @@ nsContentUtils::ParseFragmentHTML(const 
     // Now sHTMLFragmentParser owns the object
   }
 
   nsIContent* target = aTargetNode;
 
   // If this is a chrome-privileged document, create a fragment first, and
   // sanitize it before insertion.
   RefPtr<DocumentFragment> fragment;
-  if (aSanitize != NeverSanitize && !aTargetNode->OwnerDoc()->AllowUnsafeHTML()) {
+  if (aSanitize != NeverSanitize &&
+      IsSystemPrincipal(aTargetNode->NodePrincipal())) {
     fragment = new DocumentFragment(aTargetNode->OwnerDoc()->NodeInfoManager());
     target = fragment;
   }
 
   nsresult rv =
     sHTMLFragmentParser->ParseFragment(aSourceBuffer,
                                        target,
                                        aContextLocalName,
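Review bot: The sanitization gate in ParseFragmentHTML now reads the principal from `aTargetNode->NodePrincipal()`, whereas the removed `AllowUnsafeHTML()` read it from the owner document and the comment above still says "chrome-privileged document"; the ParseFragmentXML hunk has the same mismatch with `aDocument->NodePrincipal()`. The two principals are presumably the same object, but nothing visible here establishes that, so either write `aTargetNode->OwnerDoc()->NodePrincipal()` or reword the comment to `// If the target node has the system principal, parse into a fragment first and sanitize it before insertion.` With the opt-out removed, this condition alone decides whether chrome-privileged innerHTML is sanitized, and the file list shows no test change; a regression test asserting that markup inserted into a system-principal document comes out sanitized would pin that behaviour. Both functions start and end outside their hunks.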
@@ -5193,17 +5194,18 @@ nsContentUtils::ParseFragmentXML(const n
 
   rv = sXMLFragmentSink->FinishFragmentParsing(aReturn);
 
   sXMLFragmentParser->Reset();
   NS_ENSURE_SUCCESS(rv, rv);
 
   // If this is a chrome-privileged document, sanitize the fragment before
   // returning.
-  if (aSanitize != NeverSanitize && !aDocument->AllowUnsafeHTML()) {
+  if (aSanitize != NeverSanitize &&
+      IsSystemPrincipal(aDocument->NodePrincipal())) {
     // Don't fire mutation events for nodes removed by the sanitizer.
     nsAutoScriptBlockerSuppressNodeRemoved scriptBlocker;
 
     RefPtr<DocumentFragment> fragment = static_cast<DocumentFragment*>(*aReturn);
 
     nsTreeSanitizer sanitizer(nsIParserUtils::SanitizerAllowStyle |
                               nsIParserUtils::SanitizerAllowComments |
                               nsIParserUtils::SanitizerDropForms |
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@@ -1429,17 +1429,16 @@ nsIDocument::nsIDocument()
     mIsTopLevelContentDocument(false),
     mIsContentDocument(false),
     mDidCallBeginLoad(false),
     mBufferingCSPViolations(false),
     mAllowPaymentRequest(false),
     mEncodingMenuDisabled(false),
     mIsShadowDOMEnabled(false),
     mIsSVGGlyphsDocument(false),
-    mAllowUnsafeHTML(false),
     mInDestructor(false),
     mIsGoingAway(false),
     mInXBLUpdate(false),
     mNeedsReleaseAfterStackRefCntRelease(false),
     mStyleSetFilled(false),
     mSSApplicableStateNotificationPending(false),
     mMayHaveTitleElement(false),
     mDOMLoadingSet(false),
@@ -5857,23 +5856,16 @@ nsIDocument::CreateAttributeNS(const nsA
     return nullptr;
   }
 
   RefPtr<Attr> attribute = new Attr(nullptr, nodeInfo.forget(),
                                     EmptyString());
   return attribute.forget();
 }
 
-bool
-nsIDocument::AllowUnsafeHTML() const
-{
-  return (!nsContentUtils::IsSystemPrincipal(NodePrincipal()) ||
-          mAllowUnsafeHTML);
-}
-
 void
 nsIDocument::ResolveScheduledSVGPresAttrs()
 {
   for (auto iter = mLazySVGPresElements.Iter(); !iter.Done(); iter.Next()) {
     nsSVGElement* svg = iter.Get()->GetKey();
     svg->UpdateContentDeclarationBlock();
   }
   mLazySVGPresElements.Clear();
--- a/dom/base/nsIDocument.h
+++ b/dom/base/nsIDocument.h
@@ -3206,18 +3206,16 @@ public:
   already_AddRefed<mozilla::dom::CDATASection>
     CreateCDATASection(const nsAString& aData, mozilla::ErrorResult& rv);
   already_AddRefed<mozilla::dom::Attr>
     CreateAttribute(const nsAString& aName, mozilla::ErrorResult& rv);
   already_AddRefed<mozilla::dom::Attr>
     CreateAttributeNS(const nsAString& aNamespaceURI,
                       const nsAString& aQualifiedName,
                       mozilla::ErrorResult& rv);
-  void SetAllowUnsafeHTML(bool aAllow) { mAllowUnsafeHTML = aAllow; }
-  bool AllowUnsafeHTML() const;
   void GetInputEncoding(nsAString& aInputEncoding) const;
   already_AddRefed<mozilla::dom::Location> GetLocation() const;
   void GetReferrer(nsAString& aReferrer) const;
   void GetLastModified(nsAString& aLastModified) const;
   void GetReadyState(nsAString& aReadyState) const;
 
   already_AddRefed<mozilla::dom::AboutCapabilities> GetAboutCapabilities(
     ErrorResult& aRv);
@@ -4039,20 +4037,16 @@ protected:
 
   // True if dom.webcomponents.shadowdom.enabled pref is set when document is
   // created.
   bool mIsShadowDOMEnabled : 1;
 
   // True if this document is for an SVG-in-OpenType font.
   bool mIsSVGGlyphsDocument : 1;
 
-  // True if unsafe HTML fragments should be allowed in chrome-privileged
-  // documents.
-  bool mAllowUnsafeHTML : 1;
-
   // True if the document is being destroyed.
   bool mInDestructor: 1;
 
   // True if the document has been detached from its content viewer.
   bool mIsGoingAway: 1;
 
   bool mInXBLUpdate: 1;
 
--- a/dom/webidl/Document.webidl
+++ b/dom/webidl/Document.webidl
@@ -101,21 +101,16 @@ interface Document : Node {
   // These are not in the spec, but leave them for now for backwards compat.
   // So sort of like Gecko extensions
   [NewObject, Throws]
   CDATASection createCDATASection(DOMString data);
   [NewObject, Throws]
   Attr createAttribute(DOMString name);
   [NewObject, Throws]
   Attr createAttributeNS(DOMString? namespace, DOMString name);
-
-  // Allows setting innerHTML without automatic sanitization.
-  // Do not use this.
-  [ChromeOnly]
-  attribute boolean allowUnsafeHTML;
 };
 
 // https://html.spec.whatwg.org/multipage/dom.html#the-document-object
 partial interface Document {
   [PutForwards=href, Unforgeable] readonly attribute Location? location;
   //(HTML only)         attribute DOMString domain;
   readonly attribute DOMString referrer;
   //(HTML only)         attribute DOMString cookie;